[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Vulnerability in site leads to source code dump

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] Vulnerability in site leads to source code dump
From: "Johnny Five" <hax0r892374@xxxxxxxx>
Date: Wed, 1 Apr 2015 14:10:38 +0200

<html><head></head><body><div style="font-family: Verdana;font-size: 
12.0px;"><div>
<pre>/__/&#92; /__/&#92; /_______/&#92; /_____/&#92; /___/&#92;/__/&#92; 
/_____/&#92; /_____/&#92;                                   
&#92;::&#92; &#92;&#92;  &#92; &#92;&#92;::: _  &#92; &#92;&#92;:::__&#92;/ 
&#92;::.&#92; &#92;&#92; &#92; &#92;&#92;::::_&#92;/_&#92;:::_ &#92; &#92;      
                            
 &#92;::&#92;/_&#92; .&#92; &#92;&#92;::(_)  &#92; &#92;&#92;:&#92; &#92;  
__&#92;:: &#92;/_) &#92; &#92;&#92;:&#92;/___/&#92;&#92;:&#92; &#92; &#92; 
&#92;                                 
  &#92;:: ___::&#92; &#92;&#92;:: __  &#92; &#92;&#92;:&#92; 
&#92;/_/&#92;&#92;:. __  ( ( &#92;::___&#92;/_&#92;:&#92; &#92; &#92; &#92;     
                           
   &#92;: &#92; &#92;&#92;::&#92; &#92;&#92;:.&#92; &#92;  &#92; 
&#92;&#92;:&#92;_&#92; &#92; &#92;&#92;: &#92; )  &#92; &#92; 
&#92;:&#92;____/&#92;&#92;:&#92;/.:&#124; &#124;                               
    &#92;__&#92;/ &#92;::&#92;/ &#92;__&#92;/&#92;__&#92;/ &#92;_____&#92;/ 
&#92;__&#92;/&#92;__&#92;/  &#92;_____&#92;/ &#92;____/_/                       
        
  _______   __  __                                                              
                
/_______/&#92; /_/&#92;/_/&#92;                                                 
                            
&#92;::: _  &#92; &#92;&#92; &#92; &#92; &#92; &#92;                            
                                                
 &#92;::(_)  &#92;/_&#92;:&#92;_&#92; &#92; &#92;                               
                                            
  &#92;::  _  &#92; &#92;&#92;::::_&#92;/                                       
                                    
   &#92;::(_)  &#92; &#92; &#92;::&#92; &#92;                                   
                                        
  __&#92;_______&#92;/__&#92;__&#92;/______   ______   ______   ______   ______ 
  ______   ______   ______      
/_______/&#92; /_____/&#92; /_____/&#92; /_____/&#92; /_____/&#92; /_____/&#92; 
/_____/&#92; /_____/&#92; /_____/&#92; /_____/&#92;     
&#92;::: _  &#92; &#92;&#92;::::_&#92;/_&#92;:::_ &#92; &#92;&#92;:::_:&#92; 
&#92;&#92;:::_ &#92; &#92;&#92;:::_ &#92; &#92;&#92;:::_ &#92; 
&#92;&#92;::::_&#92;/_&#92;:::_:&#92; &#92;&#92;:::__&#92;/     
 &#92;::(_)  &#92;/_&#92;:&#92;/___/&#92;&#92;:&#92; &#92; &#92; 
&#92;&#92;:&#92;_&#92;:&#92; &#92;&#92;:&#92; &#92; &#92; &#92;&#92;:&#92; 
&#92; &#92; &#92;&#92;:&#92; &#92; &#92; &#92;&#92;:&#92;/___/&#92;  
/_&#92;:&#92; &#92;&#92;:&#92; &#92;  __   
  &#92;::  _  &#92; &#92;&#92;:::._&#92;/ &#92;:&#92; &#92; &#92; 
&#92;&#92;::__:&#92; &#92;&#92;:&#92; &#92; &#92; &#92;&#92;:&#92; &#92; &#92; 
&#92;&#92;:&#92; &#92; &#92; &#92;&#92;_::._&#92;:&#92; &#92;::_:&#92; 
&#92;&#92;:&#92; &#92;/_/&#92;  
   &#92;::(_)  &#92; &#92;&#92;:&#92; &#92;    &#92;:&#92;/.:&#124; &#124;    
&#92; &#92; &#92;&#92;:&#92;_&#92; &#92; &#92;&#92;:&#92;_&#92; &#92; 
&#92;&#92;:&#92;_&#92; &#92; &#92; /____&#92;:&#92;/___&#92;:&#92; 
&#39;&#92;:&#92;_&#92; &#92; &#92; 
    &#92;_______&#92;/ &#92;_&#92;/     &#92;____/_/     &#92;_&#92;/ 
&#92;_____&#92;/ &#92;_____&#92;/ &#92;_____&#92;/ &#92;_____&#92;/&#92;______/ 
 &#92;_____&#92;/ 
                                                                                
                </pre>

<div>&nbsp;</div>

<div>We are BFD9000Sec and we have a mini dump surprise for you all! Website 
comprimise leads to SOURCE CODE RELEASE!</div>

<div>Website target: http://www.0xrage.com</div>

<div>Source code: rcrypt packer</div>

<div>&nbsp;</div>

<div>LFI/RFI fail in module 
donate.php?sendcash=[vulnerable]&amp;donationfrom=[doesntmatter]</div>

<div>&nbsp;</div>

<div>User input not sanitized at all and now your c0de is d&#124;_&#124;mped! 
Maybe stop using vulnerable WP plugins? lol</div>

<div>&nbsp;</div>

<div>We h0pe u enj0y the rel3ase!</div>

<div>&nbsp;</div>

<div>&nbsp;- BFD9000Sec!!!!</div>

<div>&nbsp;</div>
</div></div></body></html>

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] mDNS VU#550620
Next by Date: [FD] Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8
Previous by thread: [FD] mDNS VU#550620
Next by thread: [FD] Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8
Index(es):
- Date
- Thread